diff options
author | Marco Trevisan (Treviño) <mail@3v1n0.net> | 2021-02-16 01:33:11 +0100 |
---|---|---|
committer | Marco Trevisan (Treviño) <mail@3v1n0.net> | 2021-02-16 01:39:31 +0100 |
commit | 504fec05f9ce504473935f2ae3a5bc22cc49a185 (patch) | |
tree | c5f83e0f67148ad32405102de336967d67667ef1 | |
parent | 929de93ddd2277cb7671ca89a63899c8b64ce6f5 (diff) | |
download | gdm-504fec05f9ce504473935f2ae3a5bc22cc49a185.tar.gz |
session: Threat PAM max retries error as service unavailable
When a service has returned PAM_MAXTRIES error code we should both emit
the error message and also ensure that this service isn't marked as
available again for the current session, to prevent us to restart the
authentication of it.
An example of this can be the PAM fprintd module that will return us a
max retries error when the user tried to use his finger more times than
configured. In such scenario we want to both prompt the error to the
user and prevent that this module is used again if the user can still
use other authentication methods.
So add an error specialization for PAM_MAXTRIES and threat it as service
unavailable error when emitting it.
-rw-r--r-- | daemon/gdm-session-worker-common.h | 1 | ||||
-rw-r--r-- | daemon/gdm-session-worker.c | 7 | ||||
-rw-r--r-- | daemon/gdm-session.c | 5 |
3 files changed, 12 insertions, 1 deletions
diff --git a/daemon/gdm-session-worker-common.h b/daemon/gdm-session-worker-common.h index a55e2b2a..7dab7d4b 100644 --- a/daemon/gdm-session-worker-common.h +++ b/daemon/gdm-session-worker-common.h @@ -36,6 +36,7 @@ typedef enum _GdmSessionWorkerError { GDM_SESSION_WORKER_ERROR_COMMUNICATING, GDM_SESSION_WORKER_ERROR_WORKER_DIED, GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE, + GDM_SESSION_WORKER_ERROR_TOO_MANY_RETRIES, GDM_SESSION_WORKER_ERROR_AUTHENTICATING, GDM_SESSION_WORKER_ERROR_AUTHORIZING, GDM_SESSION_WORKER_ERROR_OPENING_LOG_FILE, diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c index e4d2e3fa..cb53e461 100644 --- a/daemon/gdm-session-worker.c +++ b/daemon/gdm-session-worker.c @@ -1283,6 +1283,13 @@ gdm_session_worker_authenticate_user (GdmSessionWorker *worker, GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE, "%s", ""); goto out; + } else if (error_code == PAM_MAXTRIES) { + g_debug ("GdmSessionWorker: authentication service had too many retries"); + g_set_error_literal (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_TOO_MANY_RETRIES, + get_friendly_error_message (worker, error_code)); + goto out; } else if (error_code != PAM_SUCCESS) { g_debug ("GdmSessionWorker: authentication returned %d: %s", error_code, pam_strerror (worker->priv->pam_handle, error_code)); diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c index b07ffa82..a6f00b66 100644 --- a/daemon/gdm-session.c +++ b/daemon/gdm-session.c @@ -220,7 +220,10 @@ report_and_stop_conversation (GdmSession *self, if (self->user_verifier_interface != NULL) { if (g_error_matches (error, GDM_SESSION_WORKER_ERROR, - GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE)) { + GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE) || + g_error_matches (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_TOO_MANY_RETRIES)) { gdm_dbus_user_verifier_emit_service_unavailable (self->user_verifier_interface, service_name, error->message); |